Source code
Revision control
Copy as Markdown
Other Tools
/*
* HMAC_DRBG (SP800-90A)
* (C) 2014,2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#ifndef BOTAN_HMAC_DRBG_H_
#define BOTAN_HMAC_DRBG_H_
#include <botan/stateful_rng.h>
#include <botan/mac.h>
namespace Botan {
class Entropy_Sources;
/**
* HMAC_DRBG from NIST SP800-90A
*/
class BOTAN_PUBLIC_API(2,0) HMAC_DRBG final : public Stateful_RNG
{
public:
/**
* Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
*
* Automatic reseeding is disabled completely, as it has no access to
* any source for seed material.
*
* If a fork is detected, the RNG will be unable to reseed itself
* in response. In this case, an exception will be thrown rather
* than generating duplicated output.
*/
explicit HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf);
/**
* Constructor taking a string for the hash
*/
explicit HMAC_DRBG(const std::string& hmac_hash);
/**
* Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
*
* Automatic reseeding from @p underlying_rng will take place after
* @p reseed_interval many requests or after a fork was detected.
*
* @param prf MAC to use as a PRF
* @param underlying_rng is a reference to some RNG which will be used
* to perform the periodic reseeding
* @param reseed_interval specifies a limit of how many times
* the RNG will be called before automatic reseeding is performed (max. 2^24)
* @param max_number_of_bytes_per_request requests that are in size higher
* than max_number_of_bytes_per_request are treated as if multiple single
* requests of max_number_of_bytes_per_request size had been made.
* In theory SP 800-90A requires that we reject any request for a DRBG
* output longer than max_number_of_bytes_per_request. To avoid inconveniencing
* the caller who wants an output larger than max_number_of_bytes_per_request,
* instead treat these requests as if multiple requests of
* max_number_of_bytes_per_request size had been made. NIST requires for
* HMAC_DRBG that every implementation set a value no more than 2**19 bits
* (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
* example every 512 bit automatic reseeding occurs.
*/
HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf,
RandomNumberGenerator& underlying_rng,
size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL,
size_t max_number_of_bytes_per_request = 64 * 1024);
/**
* Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
*
* Automatic reseeding from @p entropy_sources will take place after
* @p reseed_interval many requests or after a fork was detected.
*
* @param prf MAC to use as a PRF
* @param entropy_sources will be polled to perform reseeding periodically
* @param reseed_interval specifies a limit of how many times
* the RNG will be called before automatic reseeding is performed (max. 2^24)
* @param max_number_of_bytes_per_request requests that are in size higher
* than max_number_of_bytes_per_request are treated as if multiple single
* requests of max_number_of_bytes_per_request size had been made.
* In theory SP 800-90A requires that we reject any request for a DRBG
* output longer than max_number_of_bytes_per_request. To avoid inconveniencing
* the caller who wants an output larger than max_number_of_bytes_per_request,
* instead treat these requests as if multiple requests of
* max_number_of_bytes_per_request size had been made. NIST requires for
* HMAC_DRBG that every implementation set a value no more than 2**19 bits
* (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
* example every 512 bit automatic reseeding occurs.
*/
HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf,
Entropy_Sources& entropy_sources,
size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL,
size_t max_number_of_bytes_per_request = 64 * 1024);
/**
* Initialize an HMAC_DRBG instance with the given MAC as PRF (normally HMAC)
*
* Automatic reseeding from @p underlying_rng and @p entropy_sources
* will take place after @p reseed_interval many requests or after
* a fork was detected.
*
* @param prf MAC to use as a PRF
* @param underlying_rng is a reference to some RNG which will be used
* to perform the periodic reseeding
* @param entropy_sources will be polled to perform reseeding periodically
* @param reseed_interval specifies a limit of how many times
* the RNG will be called before automatic reseeding is performed (max. 2^24)
* @param max_number_of_bytes_per_request requests that are in size higher
* than max_number_of_bytes_per_request are treated as if multiple single
* requests of max_number_of_bytes_per_request size had been made.
* In theory SP 800-90A requires that we reject any request for a DRBG
* output longer than max_number_of_bytes_per_request. To avoid inconveniencing
* the caller who wants an output larger than max_number_of_bytes_per_request,
* instead treat these requests as if multiple requests of
* max_number_of_bytes_per_request size had been made. NIST requires for
* HMAC_DRBG that every implementation set a value no more than 2**19 bits
* (or 64 KiB). Together with @p reseed_interval = 1 you can enforce that for
* example every 512 bit automatic reseeding occurs.
*/
HMAC_DRBG(std::unique_ptr<MessageAuthenticationCode> prf,
RandomNumberGenerator& underlying_rng,
Entropy_Sources& entropy_sources,
size_t reseed_interval = BOTAN_RNG_DEFAULT_RESEED_INTERVAL,
size_t max_number_of_bytes_per_request = 64 * 1024);
std::string name() const override;
size_t security_level() const override;
size_t max_number_of_bytes_per_request() const override
{ return m_max_number_of_bytes_per_request; }
private:
void update(const uint8_t input[], size_t input_len) override;
void generate_output(uint8_t output[], size_t output_len,
const uint8_t input[], size_t input_len) override;
void clear_state() override;
std::unique_ptr<MessageAuthenticationCode> m_mac;
secure_vector<uint8_t> m_V;
const size_t m_max_number_of_bytes_per_request;
const size_t m_security_level;
};
}
#endif